Currently, we use the same app registration / client id for the API and the front-end.
Since these two are different clients with different concerns, it is recommended to have separate app registrations for the different applications / clients.
Some issues that show up when using a single app registration:
The API does not need reply urls or the OpenID Connect scopes
The front-end is a public client (until Implement BFF OAuth2 Proxy #391 is implemented), but the API is a confidential client
The API may need additional scopes / API-permissions to call different services, which are not intended to be called directly from the front end
Suggest Solution
Create different app registrations (via bicep) for the different components (and environments)
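A sketch of what the split could look like, added here as an illustration and not taken from this repository. It assumes the Microsoft Graph Bicep extension is configured under the name `microsoftGraphV1` in `bicepconfig.json`; the app names, the redirect URI and the `access_as_user` scope are placeholders.

```bicep
// Added illustration: names, URIs and the scope value are assumptions.
extension microsoftGraphV1

@description('Environment suffix, e.g. dev / test / prod (assumed naming).')
param env string

@description('Front-end reply URL for this environment (placeholder).')
param frontendRedirectUri string = 'https://frontend.example.com/'

// Deterministic id for the delegated scope the API exposes.
var apiScopeId = guid('example-api', env, 'access_as_user')

// API registration: exposes a scope, carries no reply URLs.
resource apiApp 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: 'example-api-${env}'
  displayName: 'Example API (${env})'
  signInAudience: 'AzureADMyOrg'
  api: {
    requestedAccessTokenVersion: 2
    oauth2PermissionScopes: [
      {
        id: apiScopeId
        value: 'access_as_user'
        type: 'User'
        isEnabled: true
        adminConsentDisplayName: 'Access the API as the signed-in user'
        adminConsentDescription: 'Lets the front-end call the API on behalf of the signed-in user.'
      }
    ]
  }
  // Permissions the API needs for downstream services go here,
  // so they are never granted to the front-end registration.
  requiredResourceAccess: []
}

// Front-end registration: public client (SPA) whose only permission is the API scope.
resource frontendApp 'Microsoft.Graph/applications@v1.0' = {
  uniqueName: 'example-frontend-${env}'
  displayName: 'Example Front-end (${env})'
  signInAudience: 'AzureADMyOrg'
  spa: {
    redirectUris: [frontendRedirectUri]
  }
  requiredResourceAccess: [
    {
      resourceAppId: apiApp.appId
      resourceAccess: [{ id: apiScopeId, type: 'Scope' }]
    }
  ]
}
```

Service principals for both registrations and the API's own credential are left out of this sketch and would be added per environment.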